Lucene search

31 matches found

Vulnrichment
added yesterday · 4 views

CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

5.6 AI score · 0.00173 EPSS
Exploits 0 · References 1

VulnCheck KEV
added 2026/05/04 12:0 a.m. · 7 views

VulnCheck KEV: CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8 CVSS · 7.4 AI score · 0.00382 EPSS
In wild · Exploits 0 · References 2

CVE
added 2026/03/26 3:37 a.m. · 16 views

CVE-2026-2931

The CVE-2026-2931 entry concerns the Amelia Booking plugin for WordPress (versions up to and including 9.1.2). The vulnerability is an Insecure Direct Object Reference that allows a user-controlled access to objects, enabling authenticated users with customer-level permissions or higher to change...

8.8 CVSS · 5.8 AI score · 0.00382 EPSS
In wild · Exploits 0 · References 4

RedhatCVE
added 2026/01/10 5:41 a.m. · 12 views

CVE-2025-67279

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format...

5.3 CVSS · 7.5 AI score · 0.00311 EPSS
Exploits 0 · References 1

NVD
added 2026/01/09 4:16 p.m. · 4 views

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

6.5 CVSS · 0.00276 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/01/09 12:0 a.m. · 5 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

6.8 AI score · 0.00195 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/01/09 12:0 a.m. · 6 views

PT-2026-1877

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple SQL injection flaws that could allow both low-privileged and administrative users to access the database and its contents. Recommendations Versions prior...

5.4 CVSS · 7.5 AI score · 0.00192 EPSS
Exploits 0 · References 6

CNNVD
added 2026/01/09 12:0 a.m. · 4 views

TIM BPM Suite and TIM FLOW Security Vulnerability

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite,TIM FLOW 9.1.2 and earlier versions, which originates from SQL injection and could lead to unauthorized access to the database...

5.4 CVSS · 7.7 AI score · 0.00192 EPSS
Exploits 0 · References 3

CNNVD
added 2026/01/09 12:0 a.m. · 3 views

TIM BPM Suite and TIM FLOW Security Vulnerability

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions prior to 9.1.2, which originates from a specially crafted HTTP request and could result in elevated privileges...

6.5 CVSS · 6.7 AI score · 0.00276 EPSS
Exploits 0 · References 3

CNNVD
added 2026/01/09 12:0 a.m. · 5 views

TIM BPM Suite and TIM FLOW Security Vulnerability

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions 9.1.2 and earlier, which stems from an authorization bypass that could lead to elevated privileges and information disclosure...

5.4 CVSS · 6.4 AI score · 0.00195 EPSS
Exploits 0 · References 3

IBM Security Bulletins
added 2025/10/28 11:22 a.m. · 5 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5 CVSS · 6.8 AI score · 0.00421 EPSS
Exploits 0 · Affected Software 1

Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-28129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apach...

7.5 CVSS · 7.2 AI score · 0.01849 EPSS
Exploits 0 · References 2

Patchstack
added 2024/08/16 9:51 a.m. · 4 views

WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WooCommerce versions <= 9.1.2...

5.9 CVSS · 6.1 AI score · 0.00373 EPSS
Exploits 0 · Affected Software 1

OSV
added 2024/05/16 9:15 a.m. · 1 views

CVE-2024-30274

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 6.3 AI score · 0.00307 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/11/16 12:0 a.m. · 6 views

PT-2023-7070 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.7 Splunk Enterprise versions prior to 9.1.2 Description: The issue is related to ineffective escaping in the "Show syntax Highlighted" feature, which can result in the execution of unauthorized code in ...

4.8 CVSS · 6.8 AI score · 0.00475 EPSS
Exploits 0 · References 6

Positive Technologies
added 2022/11/14 12:0 a.m. · 4 views

PT-2022-27002 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS formerly concrete5 versions 9.0.0 through 9.1.2 Concrete CMS formerly concrete5 versions prior to 8.5.10 Description: The issue allows the authTypeConcreteCookieMap table to be filled up, causing a denial of service due to high...

6.5 CVSS · 7.2 AI score · 0.00989 EPSS
Exploits 0 · References 14

CNNVD
added 2022/08/25 12:0 a.m. · 3 views

TOTOLINK A3700R Buffer Error Vulnerability

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a stack overflow in the command parameter of the setTracerouteCfg method...

7.8 CVSS · 5.6 AI score · 0.00327 EPSS
Exploits 1 · References 2

OSV
added 2022/08/10 6:15 a.m. · 2 views

UBUNTU-CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5 CVSS · 5.8 AI score · 0.01886 EPSS
Exploits 0 · References 3

OSV
added 2022/08/10 6:15 a.m. · 0 views

UBUNTU-CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5 CVSS · 7.1 AI score · 0.01849 EPSS
Exploits 0 · References 3

CNVD
added 2020/04/09 12:0 a.m. · 3 views

Palo Alto Networks PAN-OS Formatting String Error Vulnerability (CNVD-2020-22957)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A Formatting String Error vulnerability exists in the Varrcvr daemon in PAN-OS version 9.0 prior to 9.0.7 and version 9.1 prior to 9.1.2 in Palo Alto Networks. A remote attacker could...

9.8 CVSS · 7.6 AI score · 0.03367 EPSS
Exploits 0